1. Appsmith Git SSH Integration Bypassed Critical SSRF Filter, Exposing Internal Networks
A critical security flaw in Appsmith's Git integration allowed authenticated users to bypass the platform's primary SSRF (Server-Side Request Forgery) defenses. The vulnerability was rooted in the JGit SSH client, which connected directly to user-supplied remote URLs without performing any IP address validation. This c...